param toolsRoot string
param credentialProvider object

// Location for all nuget related assets except for caches for downloaded packages.
// CODESYNC: The folder is created by windows-install-artifacts-credprovider and its name is hardcoded in artifacts\windows-install-artifacts-credprovider\windows-install-artifacts-credprovider.ps1
var nugetRoot = '${toolsRoot}\\.nuget'

var npmGlobalTools = '${toolsRoot}\\.npm-global'

var envVarsToSet = {
  // Explicitly set cred provider location for both .NET classic and core (https://learn.microsoft.com/en-us/nuget/reference/extensibility/nuget-cross-platform-plugins#plugin-installation-and-discovery)
  // Not setting NUGET_CREDENTIALPROVIDERS_PATH (which is used as a fallback) as it is used by both new and old versions
  // of NuGet which require different credential provider versions. The plugins here only support the V2 protocol so
  // setting NUGET_CREDENTIALPROVIDERS_PATH will cause older versions of NuGet to get an invalid version and fail.

  // Any version that supports the V2 protocol will respect either the NUGET_PLUGIN_PATHS, or for nuget 5.3+ the
  // NUGET_NETFX_PLUGIN_PATHS and NUGET_NETCORE_PLUGIN_PATHS
  NUGET_PLUGIN_PATHS: '${nugetRoot}\\plugins\\netfx\\CredentialProvider.Microsoft\\CredentialProvider.Microsoft.exe'
  NUGET_NETFX_PLUGIN_PATHS: '${nugetRoot}\\plugins\\netfx\\CredentialProvider.Microsoft\\CredentialProvider.Microsoft.exe'
  NUGET_NETCORE_PLUGIN_PATHS: '${nugetRoot}\\plugins\\netcore\\CredentialProvider.Microsoft\\CredentialProvider.Microsoft.dll'

  // Controls whether MSAL (and implicitly the broker on Windows) is used, instead of the default ADAL
  NUGET_CREDENTIALPROVIDER_MSAL_ENABLED: credentialProvider.msal ? 'true' : ''

  // Overrides tooling behavior to show dialog or system browser instead of device flow
  NUGET_CREDENTIALPROVIDER_FORCE_CANSHOWDIALOG_TO: credentialProvider.canShowDialog ? 'true' : ''

  // Cached content locations (https://learn.microsoft.com/en-us/nuget/consume-packages/managing-the-global-packages-and-cache-folders)
  // The trailing slash in NUGET_PACKAGES is to ensure that NuGetPackageRoot property in *.nuget.g.props (generated by msbuild /t:restore) has a trailing slash as well
  // to match the behavior when NUGET_PACKAGES is not set, in which case the property is set to $(UserProfile)\.nuget\packages\ by msbuild/nuget
  NUGET_PACKAGES: '${nugetRoot}\\packages\\'
  NUGET_HTTP_CACHE_PATH: '${nugetRoot}\\v3-cache'
  NUGET_PLUGINS_CACHE_PATH: '${nugetRoot}\\plugins-cache'

  // NPM packages cache managed by Yarn (https://classic.yarnpkg.com/en/docs/cli/cache#toc-change-the-cache-path-for-yarn)
  YARN_CACHE_FOLDER: '${toolsRoot}\\.yarn'
  // NPM packages cache managed by NPM (uses a different format to Yarn. See https://docs.npmjs.com/cli/v9/using-npm/config#cache)
  NPM_CONFIG_CACHE: '${toolsRoot}\\.npm'
  // NPM "global" packages (when running npm install -g). See https://docs.npmjs.com/cli/v9/using-npm/config#prefix
  NPM_CONFIG_PREFIX: npmGlobalTools
}

var setEnvVars = [
  for envVar in items(envVarsToSet): {
    name: 'windows-setenvvar'
    parameters: {
      Variable: envVar.key
      Value: envVar.value
      PrintValue: 'true'
    }
  }
]

output setStableEnvVars array = concat(setEnvVars, [
  {
    // Add global NPM packages directory to machine-wide path so global NPM tools are available during image build and later when user logs in.
    // For example, the following command installs the VSTS NPM auth tool globally:
    //  npm install -g vsts-npm-auth --registry https://registry.npmjs.com --always-auth false
    name: 'windows-add-to-path'
    parameters: {
      newPath: npmGlobalTools
    }
  }
])
